Russians and Malware Involved in $2 Million ATM Heist in Taiwan

ATM transactions suspended in Taiwan for two days. Taiwan’s top eight banks have suspended operations on 900 ATMs after crooks stole NT$70 million ($2.18 million) from 20 branches across two cities over the weekend.

The heists took place on Saturday and Sunday, July 9 and 10, 2016, and targeted the branches of Taiwan’s First Bank and its ATMs in the cities of Taipei and Taichung, reports the Straits Times.

Following the incident, the Bank of Taiwan, Chang Hwa Bank, and five other institutions announced they were suspending ATM transactions to check their equipment.

Crooks targeted ATMs made by Wincor Nixdorf

Crooks appeared to have targeted ATMs from Wincor Nixdorf, a German company that manufacturers ATM hardware for banks all over the world.

According to Focus Taiwan, authorities are investigating the case and say that surveillance video showed two individuals wearing hats and masks visiting all ATMs, dumping cash from the machine, and then stuffing it into their backpacks.

Because the ATMs seemed to spew money on demand, authorities believe that malware was somehow involved in the heist. They also suspect that the crooks might have had a collaborator inside the bank, who facilitated the malware’s installation.

Police identified one of the crooks, also suspect a bank insider

Police will first focus their search on bank clerks, the security personnel that’s in charge of filling the ATMs and the maintenance engineers, as they are the only ones with access to the ATMs and who could install the malware.

Taiwanese officials say they have managed to identify one of the crooks as a Russia national, who fled the country on Monday, July 11.

It took two days time for authorities to detect the robberies because the country is dealing with the aftermath of the Nepartak typhoon and a bombing on a commuter train in northern Taiwan.

Bank officials said they plan to resume all ATM operations tomorrow, on Wednesday, July 13.